return_to not honoured when registering (Login flow)
Discussed in https://github.com/ory/cloud/discussions/114
Originally posted by thecodeassassin July 5, 2022
Hi,
We start the login flow like so:
http://d3.local.maxroll.gg/.ory/self-service/login/browser?return_to=http://d3.local.maxroll.gg/?logged_in=1&after_verification_return_to=http://d3.local.maxroll.gg/?logged_in=1
After the user registers they are actually redirected to the root domain (https://maxroll.gg). I cannot really figure out why this is happening since we've not set that domain up anywhere (no default post-registration URL etc.).
The problem is that the registration / login links
https://github.com/ory/kratos-selfservice-ui-node/blob/261c65f0c0094057db55058761249a2844e68ffa/src/routes/login.ts#L29-L35
are respecting return_to, but only if it is available in the URL:
https://github.com/ory/kratos-selfservice-ui-node/blob/261c65f0c0094057db55058761249a2844e68ffa/src/routes/login.ts#L16
Instead, we should check the return_to value from the flow itself and use that. The value is available in the flow:
https://github.com/ory/kratos/blob/c8805b640323118f94c81fb0fc152e8f95d628f5/selfservice/flow/login/flow.go#L78
So basically we just need to generate the link here
https://github.com/ory/kratos-selfservice-ui-node/blob/261c65f0c0094057db55058761249a2844e68ffa/src/routes/login.ts#L59-L67
with the correct return_to value :)
There is another issue here. For OIDC registration flows, the return_to is not respected.
When using the same OIDC flow for logins, everything works fine.
This should be fixed now https://github.com/ory/kratos-selfservice-ui-node/pull/243
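Added example, not part of the thread and not the code from the linked pull request: one way to build the registration link on the login page so that the return_to stored on the flow wins over the one in the current request URL. The names LoginFlowLike, pickReturnTo and registrationUrl are hypothetical, and the flow's JSON field is assumed to be return_to.

```typescript
// Added example. LoginFlowLike, pickReturnTo and registrationUrl are
// hypothetical names, not identifiers from kratos-selfservice-ui-node.

// Only the fields used here; return_to is assumed to be the flow's JSON field.
interface LoginFlowLike {
  id: string
  return_to?: string
}

// Express-style parsed query: a value may be a string, an array (repeated
// parameter) or a nested object, so anything that is not a string is ignored.
type Query = Record<string, unknown>

function nonEmptyString(v: unknown): string | undefined {
  return typeof v === "string" && v !== "" ? v : undefined
}

// Prefer the value stored on the flow; fall back to the current request URL.
function pickReturnTo(flow: LoginFlowLike, query: Query): string | undefined {
  return nonEmptyString(flow.return_to) ?? nonEmptyString(query["return_to"])
}

// Build the "sign up" link shown on the login page.
function registrationUrl(kratosBrowserUrl: string, flow: LoginFlowLike, query: Query): string {
  const url = new URL(kratosBrowserUrl.replace(/\/+$/, "") + "/self-service/registration/browser")
  const returnTo = pickReturnTo(flow, query)
  if (returnTo !== undefined) {
    // searchParams.set percent-encodes the value, so the "?" and "=" inside
    // return_to cannot be re-read as parameters of the outer URL.
    url.searchParams.set("return_to", returnTo)
  }
  return url.toString()
}

// Host and return_to are taken from the post; the flow id is constructed.
const kratosBase = "http://d3.local.maxroll.gg/.ory"
const loginFlow: LoginFlowLike = {
  id: "constructed-flow-id",
  return_to: "http://d3.local.maxroll.gg/?logged_in=1",
}

// The login page is opened as /login?flow=<id>, so the query has no return_to.
console.log(registrationUrl(kratosBase, loginFlow, { flow: loginFlow.id }))
```

The value is passed through unchanged; whether a given return_to is acceptable is still decided by the server that performs the redirect.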